EFront Multiple Cross Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

eFront is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the software fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. eFront 3.6.10 build 11944 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for details.

References

http://www.efrontlearning.net/
http://www.securityfocus.com/bid/50492
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_efront.html

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
AjaxPortal 'di.php' File Inclusion Vulnerability
Baby Gekko CMS Multiple Vulnerabilities
ApPHP MicroBlog Remote Code Execution Vulnerability
ARRIS 2307 Unprotected Web Console

eFront Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities